On Wed, Sep 23, 2009 at 1:53 PM, szimszon <szims...@gmail.com> wrote:
>
> Okay :)
>
> I'm not particular good in English but in:
>
> "• next is the URL to redirect to after success. If the URL
> contains the
> substring "[id]" this will be replaced by the id of the record
> currently
> created/updated."
>
> is nowhere that the URL must not contain '/' in the first place.
>
... thanks for the correction ... also, must not be absolute path...
>
> This is from the book 2nd edition page 217...
>
> On szept. 23, 18:32, Yarko Tymciurak <yark...@gmail.com> wrote:
> > and the point here: currently, the way code is written, [id] in a URL
> will
> > be replaced by the created/modified id or the record EXCEPT if it is
> > relative, or absolute (e.g. ONLY '/' leading URL paths will have [id]
> set,
> > as shown in the manual).
> >
> > The question of "what is safe; what isn't" isn't the primary issue here
> -
> > it is the behavior (advertised/expected; actual; what is really
> desired)
> > for this "[id]" replacement.
> >
> > Let's get to that first, shall we?
> >
> > THEN we can discuss the various path contexts....
> >
> > On Tue, Sep 22, 2009 at 11:30 AM, Iceberg <iceb...@21cn.com> wrote:
> >
> > > Sorry, still don't get the point. In my understanding:
> > > 1. URLs that starts with http: or ftp: etc are certainly external URL.
> > > 2. URLs that starts with / are absolute path of current host
> > > 3. URLs other than above are relative path of current host
> > > so which one do you consider dangerous and could you please give an
> > > example?
> >
> > > On Sep22, 5:08am, mdipierro <mdipie...@cs.depaul.edu> wrote:
> > > > because in web2py request.args are optional I think it is dangerous
> to
> > > > have relative URLs that do not start with '/'.
> > > > web2py assumes that if a url does not start with '/' that is an
> > > > extenal URL (starts with http:, ftp: etc.)
> >
> > > > On Sep 21, 11:20 am, Yarko Tymciurak <yark...@gmail.com> wrote:
> >
> > > > > sounds like this needs to be straightened out; probably deserves
> some
> > > > > discussion (as Iceberg suggests)...
> >
> > > > > Massimo - can you add your thoughts to this?
> >
> > > > > On Sun, Sep 20, 2009 at 4:09 AM, Iceberg <iceb...@21cn.com> wrote:
> >
> > > > > > On Sep20, 4:28pm, szimszon <szims...@gmail.com> wrote:
> > > > > > > I'm a bit puzzled :(
> >
> > > > > > > I modified the code:
> >
> > > > > > > n=str(URL(r=request,f='sablonsor_jog')+'/[id]')
> > > > > > > sablon_sor=crud.create(db.oklevel_sablon,next=n)
> >
> > > > > > > but it's not working. Type of 'n' is 'str'.
> >
> > > > > > > And the
> >
> > > > > > > n='/borverseny/adatok/sablonsor_jog'+'/[id]'
> >
> > > > > > > doesn't work either.
> >
> > > > > > > But
> >
> > > > > > > n='borverseny/adatok/sablonsor_jog'+'/[id]'
> >
> > > > > > > works. So I think the point is that if the url string begins
> with
> > > the
> > > > > > > '/' then the replace doesn't work. If the url begins not with
> '/'
> > > than
> > > > > > > everything is working right.
> >
> > > > > > Yeah, I met same problem before. It is all because web2py's
> gluon/
> > > > > > tools.py does the "[id]" magic ONLY for a url NOT begins with the
> > > '/'.
> > > > > > The source code has many snippets like this.
> >
> > > > > > if next and not next[0] == '/' and next[:4] !=
> 'http':
> > > > > > next = self.url(next.replace('[id]', str
> > > > > > (form.vars.id)))
> >
> > > > > > I don't know the reason for requiring a leading '/'. Perhaps
> Massimo
> > > > > > will tell us more.
> >
> > > > > > Sincerely,
> > > > > > Iceberg
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To post to this group, send email to web2py@googlegroups.com
To unsubscribe from this group, send email to
web2py+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/web2py?hl=en
-~----------~----~----~----~------~----~------~--~---
